Back to skill

Security audit

Micro SaaS Launch Pack

Security checks across malware telemetry and agentic risk

Overview

This is a zero-setup business planning skill with a minor risk of being invoked too broadly, but no evidence of hidden access, commands, credentials, persistence, or data transfer.

Reasonable to install for side-project or micro-SaaS launch planning. Treat its output as business guidance, not a guarantee of success, and avoid sharing confidential customer data, proprietary strategy, or sensitive financial details unless you are comfortable processing them in your agent environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples are generic enough to match many normal product/idea-planning requests, which can cause the skill to activate too broadly and steer conversations into its fixed business-launch workflow even when another skill or a narrower response would be more appropriate. This is not an exploit in the code-execution sense, but it is a real security/control-scope issue because over-broad invocation increases unintended handling, prompt-surface exposure, and the chance of the skill influencing tasks outside its intended boundaries.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.